Privacy

This Privacy Policy explains how we manage your information.

We are bound by the Australian Privacy Principles of the Privacy Act 1988 (Cth) (Privacy Act) in our handling of your personal information. We are also bound by Division 3 of Part IIIA of the Privacy Act, and the Credit Reporting Privacy Code (CR Code) in our handling of your credit-related personal information. References in the policy to "information" include both personal information and credit-related personal information.

We may tell you more about how we handle your information at the time we collect it.

What is personal information?

Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable, such as your name or address.

Personal information may be sensitive information, which includes, for example, information about an individual's health, membership of professional bodies and religion.

What is credit-related personal information?

Credit-related personal information is a variety of personal information that includes information about your credit history or creditworthiness. It includes information about your past experiences with us and other lenders, the kinds of credit products you have had or sought, how you have managed your obligations, information contained in a credit report about you which is obtained by us from a credit reporting body (CRB) and information about your creditworthiness that has been derived by us from such a credit report about you.

Collecting your information

We collect personal information (including, if you apply for or enter into a loan with us, credit-related personal information) about you and about your interactions with us, for example, transactions on your account.

The information we collect may include your name, address and contact details and information specific to a product you seek such as (if you apply for a loan) details of your financial position, employment and your reasons for seeking the loan.

If you apply for a loan, we may collect information about you from third parties (for example, your employer and CRBs) in order to assess your eligibility for the loan. We may also collect information about you from publicly available sources.

When you give us personal information about another person, you agree to inform the person that we have collected their personal information, and of the contents of this Privacy Policy.

We are obligated to take extra care under the Privacy Act in our collection of your sensitive information, such as health information. If we need to collect such information, for example, in connection with assessing whether you have a pre-existing medical condition for insurance purposes, we will ask for your consent.

We are required by the Anti Money Laundering and Counter Terrorism Financing Act 2006 (Cth) and, if you are giving a mortgage, certain State property laws (for example, the Real Property Act 1900 in NSW) to collect information to identify you, and by the National Consumer Credit Protection Act 2009 (Cth) to learn about and verify your financial situation. We are permitted to collect, but you are not required to provide, your Tax File Number under the Taxation Administration Act 1953 (Cth) and the Income Tax Assessment Act 1936 (Cth). Information is requested about tax residency of other countries in order to help us comply with taxation laws including Common Reporting Standard, Foreign Account Taxation Compliance Act and non-resident withholding tax.

If you do not provide some or all of the information we request, we may be unable to provide you with a product or service.

Using your information

We use and exchange your information for the main purpose of providing you with a product or service and to manage our relationship with you, including to:

Assess and process a membership request.

Identify you and verify your identity.

Assess, complete and process your application for any product or service that you make or for which you are a signatory, guarantor or representative.

Your and our professional advisers such as lawyers, accountants and auditors.

Your and our insurers or prospective insurers and their underwriters.

Law enforcement, regulatory, government and dispute resolution bodies.

Anyone who introduces you to us.

Reward program providers.

Payment system operators.

Any person we consider necessary to execute your instructions.

Any person with whom you make a joint application for a product or service.

Any financial institution to or from which a payment is made in relation to any account you have or operate.

Your current and prospective co-borrowers, guarantors, co-guarantors and security providers.

Other credit providers and financial institutions.

CRBs.

Debt collection agencies.

Anyone who obtains an interest in a loan we provide to you or is considering doing so (for example, an assignee), and their professional advisers.

We may also include your personal information on any registers relevant to services we provide, such as the Personal Property Security Register.

When we disclose your information to third parties, we limit their use and disclosure of that personal information to the specific purpose for which it is disclosed and require them to protect your information in accordance with the Privacy Act.

We may disclose your information to our systems support and administrative service providers located overseas. This will include our service providers in the Philippines, Netherlands and the United Kingdom. Where we disclose your personal information overseas, we do so on the basis that the information will only be used for the purposes set out in this Privacy Policy.

Exchanging information with credit reporting bodies

We may obtain a credit report about you from a CRB. A credit report will provide us with information about you that is held by the CRB and which has any bearing on your creditworthiness.

We may use this information to arrive at our own assessment of your creditworthiness.

Further, to enable us to verify your identity, we may disclose your name, date of birth and residential address to a CRB for the purpose of obtaining an assessment of whether that personal information matches information held by the CRB.

We may disclose to a CRB any failure by you to meet your payment obligations in relation to consumer credit and the fact that you have committed fraud or other serious credit infringement.

You may obtain the privacy policy of these CRBs by contacting them on the details above.

CRBs may include information which we provide in reports to other credit providers to assist them to assess your creditworthiness.

You can ask a CRB not to use or disclose credit information it holds about you for a period of 21 days (called a "ban period") without your consent if you believe on reasonable grounds that you have been or are likely to be a victim of fraud, including identity fraud. If you are applying to be a borrower, guarantor or security provider, you agree to us accessing your personal information (including credit-related personal information) held with a CRB, even if there is a ban period in place, for the purposes of assessing an application for credit or in order to collect overdue payments.

CRBs may use credit-related personal information they hold to respond to requests from us or other credit providers to "pre-screen" you for direct marketing. You can ask a CRB not to do this. However, if you are a borrower you may still receive direct marketing from us (unless you ask not to) that has not been "pre-screened".

Protecting your information

We keep your hard copy or electronic records on our premises and systems or offsite using trusted third parties. We take all reasonable steps to ensure that information we hold about you is protected from:

misuse, interference and loss; and

unauthorised access, disclosure or modification.

Your information is only accessible by you and those authorised to access it. Employees and third parties who deal with your information are bound by confidentiality obligations and are required to complete training about information security.

When you transact with us on the internet via our website we encrypt data sent from your computer to our systems. We have firewalls and virus scanning tools to protect unauthorised access. When we send electronic data, we use dedicated secure networks or encryption.

When we no longer need your information, including when we are no longer legally obliged to keep records relating to you, we will destroy it or de-identify it.

Accessing and correcting your personal information

We take all reasonable steps to ensure that the information we may collect, use or disclose is accurate, complete and up-to-date. You have rights to access your information and correct it if it is inaccurate, out-of-date or incomplete.

You may request access to the information we hold about you at any time by contacting the Member Advocate on 13 25 77 or at [email protected]. We will respond to your request within a reasonable time. There is no fee for making a request but we may charge you the reasonable costs of providing our response to a request for access to personal information.

If we refuse to give you access to any of your personal information, we will provide you with reasons for the refusal and the relevant provisions of the Privacy Act on which we rely to refuse access.

You may also ask us to correct any information we hold about you by contacting us using the details noted above. We encourage you to advise us as soon as there is a change to your contact details, such as your phone number or address. We will deal with your request to correct your information in a reasonable time. If we correct your information and it is information we have provided to others we will notify them of the correction where we are required to do so by the Privacy Act. If your request to correct your information relates to information which has been provided to us by a CRB or another credit provider we may need to consult with them about your request. We will correct information, where we decide to do so, within 30 days of your request, or longer if you agree.

If we do not agree with the corrections you have requested, we are not obliged to amend your information accordingly, however, we will give you a written notice which sets out the reasons for our refusal.

Direct marketing and your information

We may use your information to advertise or promote products, services, or business or investment opportunities we think may interest you, including by email or telephone. We may also provide your information to other organisations for specific marketing purposes. However, we will not do so where you tell us not to.

You can ask us not to contact you about products and services and not to disclose your information to others for that purpose by calling us on 13 25 77.

Complaints, questions and concerns

If you have any questions or concerns about this Privacy Policy you may contact the Member Advocate on 13 25 77 or at [email protected].

Additionally, if you believe that in handling your personal information we have breached the Australian Privacy Principles, Part IIIA of the Privacy Act or the CR Code and you would like to make a complaint, you may use these same contact details noted above to lodge a complaint.

Once we receive your complaint, we will respond to you as soon as possible and will let you know if we need any further information from you. We will notify you of our decision within 30 days, however if we are unable to do so, we will let you know the reason for the delay and the expected timeframe to resolve the complaint.

If you are not satisfied with our response to your complaint, or the way in which we have handled your complaint, you may contact the Australian Financial Complaints Authority (AFCA), our external dispute resolution scheme, or the Office of the Australian Information Commissioner. The contact details of these entities are as follows: